A jump instruction but seems not work well

[hendric]

Source code is listed as follow:

Code: Select all

/* Region [256k,512k) reserved for buffering */
BUFFER_START_SEG=0x0400
/* stack stretchs from 640k down */
STACK_START_SEG=0x0A00 
/* stage2 starts at 0x0800:0000 */
STAGE2_START_SEG=0x0800
/* sizeof fs header=40 */
HEADER_SIZE=40

.code16
.text

_start:
 cli
 movw %cs,%ax
 movw %ax,%ds
 movw $booting_stage2_msg,%si
 call put_string
 call get_memory_e801
 call enable_a20_gate
 jmp prepare_to_32

enable_a20_gate:
 pushw %ax
 inb $0x92,%al
 xorb $2,%al
 outb %al,$0x92
 popw %ax
 ret

 
prepare_to_32:
lidt   idt_48            
xorl   %eax, %eax         
movw   %ds, %ax         
shll   $4, %eax
addl   $gdt, %eax
movl   %eax, (gdt_48+2)
lgdt   gdt_48         
movl    %cr0,%eax
orl     $1,%eax
movl    %eax,%cr0
movw   $0x10,%ax
movw   %ax,%ss
movw   %ax,%ds
movl    $640*1024-1,%eax
movl    %eax,%esp

.byte 0x66
.byte 0xea
.long 0x80200
.word 0x8

// <pype>helper functions stripped out for clarity</pype>

booting_stage2_msg:
.string "Now booting Stage2...\n\r"
die_e801_msg:
.string "[FATAL]e801 is not supported!\n\r"

.align 16
gdt:
   .word   0
   .word   0
   .word   0
   .word   0
   
   .word   0xFFFF            
   .word   0            
   .word   0x9A00            
   .word   0x00CF         

   .word   0xFFFF      
   .word   0            
   .word   0x9200            
   .word   0x00CF /*0x00CF*/         

gdt_end:
   .align   4
   
   .word   0            
idt_48:
   .word   0            
   .word   0, 0            

   .word   0            
gdt_48:
   .word   gdt_end - gdt - 1      
   .word   0, 0         

I used gcc -c and ld --oformat binary -Ttext 0 -e 0 to compile and link it.And,I've already place 0xFA,0xF4 correctly at 0800:0200 (512k+512).But when I debug the section of code on bochs ,bochs restarted again and again.Relative log informations are listed as follow:

00000950337i[CPU0 ] LOCK prefix unallowed (op1=0x1, attr=0x300, mod=0xc0, nnn=6)
00000950337e[CPU0 ] exception(): 3rd (13) exception with no resolution, shutdown status is 00h, resetting
00000950337i[CPU0 ] protected mode
00000950337i[CPU0 ] CS.d_b = 32 bit
00000950337i[CPU0 ] SS.d_b = 32 bit
00000950337i[CPU0 ] | EAX=0009fe09 EBX=00000001 ECX=00000007 EDX=00000080
00000950337i[CPU0 ] | ESP=0009fffb EBP=0009fffb ESI=000000d0 EDI=00000200
00000950337i[CPU0 ] | IOPL=0 vm RF ac nt of df if tf SF zf af PF cf
00000950337i[CPU0 ] | SEG selector base limit G D
00000950337i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00000950337i[CPU0 ] | CS:0008( 0001| 0| 0) 00000000 000fffff 1 1
00000950337i[CPU0 ] | DS:0010( 0002| 0| 0) 00000000 000fffff 1 1
00000950337i[CPU0 ] | SS:0010( 0002| 0| 0) 00000000 000fffff 1 1
00000950337i[CPU0 ] | ES:0400( 0000| 0| 0) 00004000 0000ffff 0 0
00000950337i[CPU0 ] | FS:0000( 0000| 0| 0) 00000000 0000ffff 0 0
00000950337i[CPU0 ] | GS:0000( 0000| 0| 0) 00000000 0000ffff 0 0
00000950337i[CPU0 ] | EIP=0009fd24 (0009fd24)
00000950337i[CPU0 ] | CR0=0x00000011 CR1=0 CR2=0x00000000
00000950337i[CPU0 ] | CR3=0x00000000 CR4=0x00000000
00000950337i[SYS ] bx_pc_system_c::Reset(SOFTWARE) called

Please anyone tell me why to cause the fault.
Best regards.

[Pype.Clicker]

well, you're in protected mode and received a triple-fault. your code seems to be at address 0009fd24, but nothing in your source gives me a clue of where that could be.

Plenty of things in the code you posted are probably irrelevant to your problem (e.g. the "put string" and other "get memory" functions) ...

And,I've already place 0xFA,0xF4 correctly at 0800:0200 (512k+512)

i don't have the slightest idea of what this could mean. 0800:0200 is unlikely to be "512K+512", imho. that's more likely to be 0x8200, that is 32K+512 ...

meaning that

Code: Select all

.byte 0x66
.byte 0xea
.long 0x80200
.word 0x8

is likely to throw you in the wastelands of NULL pointers where daemons and core dumps awaits thee.

[Brendan]

Hi,

Welcome to the forum!


First, the "jmp dword 0x8:0x80200" instruction is definately working because CS is changed to 0x08....

Pype is right though - perhaps you want to jump to 0x8:0x00008200.

And,I've already place 0xFA,0xF4 correctly at 0800:0200 (512k+512).

How?

There's nothing in your boot code that puts the "CLI; HLT" at 0x8000:0x0200 (or 0x0800:0x0200).

Based on the Bochs log, it does jump to 0x0080200. If there's nothing there except a whole heap of zeros then the CPU will think the zeros are "add [eax],al" instructions and execute them all until it runs into data in the EBDA (just below 0x000A0000). This explains why EIP=0009FD24 when it crashes (that's where EBDA is).

An easy way to find out exactly what is happening is to single-step through it using Bochs. Make sure you've got a version of Bochs with the debugger enabled, and when it starts type in "vb 0:0x7c00" to set a breakpoint, then type in "c" to make it run.

As soon as it starts the boot code it'll hit that breakpoint and stop. From here you can use "s" to execute one instruction only, or "p" to execute up to the next instruction. This sounds like the same thing, but it's not. Consider a "call put_string" instruction - "s" will take you to the first instruction in the called code, while "p" will stop when the called code returns.

While doing this you might want to do the occasional "infor" to see what is in all the registers, or try "x /16 0x0080200" to see if your "CLI; HLT" is where it should be....


Cheers,

Brendan

[hendric]

Thank you for all your replies.It's really a stupid error that STAGE2_START_SEG should be 0x8000.But your words are very helpful,thank you ,Brendan and Pype.Clicker . Before posting topics I should have checked source code carefully